Preparation

Base yum repositories

  1. yum install -y epel-release
  2. yum install -y wget bash-com* git
  3. yum update -y
  4. yum -y install gcc bc gcc-c++ ncurses ncurses-devel cmake elfutils-libelf-devel openssl-devel flex* bison* autoconf automake zlib* libxml* libmcrypt* libtool-ltdl-devel* make pcre pcre-devel openssl jemalloc-devel tlc libtool vim unzip wget lrzsz bash-comp* ipvsadm ipset jq sysstat conntrack libseccomp conntrack-tools socat curl git psmisc nfs-utils tree net-tools crontabs iftop nload strace bind-utils tcpdump htop telnet lsof

Disable the firewall, swap and SELinux

# Disable the firewall
systemctl disable --now firewalld

# Disable swap
swapoff -a
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab

# Disable SELinux
setenforce 0
sed -ri '/^[^#]*SELINUX=/s#=.+$#=disabled#' /etc/selinux/config

Install WireGuard

A public IP address is required.

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
yum install  https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm -y
yum install kmod-wireguard wireguard-tools wireguard-dkms yum-plugin-elrepo -y

Reboot

reboot

Configure WireGuard

The architecture is as follows:
[Figure: architecture diagram]

Generate the server's public and private keys

wg genkey | tee server_private_key | wg pubkey > server_public_key


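Generate the client's public and private keys

Download the client tool
Link: https://pan.baidu.com/s/1qbVzJa-hK4691to327XIiw Extraction code: 1n2y
First install TunSafe-TAP-9.21.2.exe.
Extract the archive, then open TunSafe.exe.
Generate the public and private keys.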

Server configuration file

vim /etc/wireguard/wg0.conf
[Interface]
Address = 192.168.10.1/24    ## server IP within the VPN subnet; choose your own
SaveConfig = true
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 10443   ## listen port
PrivateKey = oGZZJHtEhkIqj9TfRdPqNuWDaBLbxyNwXPLgfU+fdmI=   ### server private key

[Peer]
PublicKey = rYh91/aYVhwGRAL3ReveYkj6oL/sBziptN5GuRDpPDA=   ### client public key
AllowedIPs = 192.168.10.2/32  ### client IP within the VPN subnet; choose your own

Client configuration file

[Interface]
PrivateKey = sHfHGh6bS9Jzx/GAfItoyN9JInf+v9ZS0Ar1bHKcW0U=  ## client private key
DNS = 114.114.114.114 ##dns
Address = 192.168.10.2/24   ## client IP within the VPN subnet; must correspond to the one written on the server side

[Peer]
PublicKey = TkIA/PDWVz8MJTxfLLazvc9vvw9O5HfjWTOZLDorDGE=  ## server public key
AllowedIPs = 0.0.0.0/0
Endpoint = xxxxx:10443   ## connects to the server's public address on port 10443; the security group must allow inbound UDP port 10443
PersistentKeepalive = 25
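
The client file has to agree with wg0.conf in three places: its Address must sit inside the server's VPN subnet, that address must appear in a server [Peer] AllowedIPs, and the Endpoint port must equal ListenPort. The Python check below is an added example, not part of the original page; the sample texts are constructed from the two files above with the private keys left out, and the function names are this example's own.

```python
import ipaddress

# Constructed samples mirroring the page's two files (private keys left out).
SERVER = """[Interface]
Address = 192.168.10.1/24    ## server IP within the VPN subnet
ListenPort = 10443
[Peer]
PublicKey = rYh91/aYVhwGRAL3ReveYkj6oL/sBziptN5GuRDpPDA=
AllowedIPs = 192.168.10.2/32
"""
CLIENT = """[Interface]
Address = 192.168.10.2/24
[Peer]
PublicKey = TkIA/PDWVz8MJTxfLLazvc9vvw9O5HfjWTOZLDorDGE=
Endpoint = xxxxx:10443
"""

def parse(text):
    """Return [(section, {key: value})]; text after '#' is a comment."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    return sections

def check(server_text, client_text):
    """List the mismatches between the server file and one client file."""
    srv, cli = parse(server_text), parse(client_text)
    s_if = dict(srv)["Interface"]
    c_if, c_peer = dict(cli)["Interface"], dict(cli)["Peer"]
    problems = []
    ip = ipaddress.ip_interface(c_if["Address"]).ip
    if ip not in ipaddress.ip_interface(s_if["Address"]).network:
        problems.append(f"client {ip} is outside the server's VPN subnet")
    # Server-side AllowedIPs decide which source addresses a peer may use.
    nets = [ipaddress.ip_network(a.strip(), strict=False)
            for name, d in srv if name == "Peer"
            for a in d.get("AllowedIPs", "").split(",") if a.strip()]
    if not any(ip in n for n in nets):
        problems.append(f"no server [Peer] has {ip} in AllowedIPs")
    if c_peer["Endpoint"].rsplit(":", 1)[1] != s_if["ListenPort"]:
        problems.append("Endpoint port differs from ListenPort")
    return problems
```

An empty list from check() means the two files agree on addressing and port.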

Start WireGuard

Start the server

wg-quick up wg0
wg show

Connect the client